Simple steps to safeguard your wallet from unlimited ERC-20 allowance risks


Participating in the decentralized finance space often requires granting projects certain permissions to spend tokens from one’s own wallet.

These permissions — called ERC-20 allowances — help to simplify the smart contract interaction processes that allow users to send funds to a contract while simultaneously calling a state change function.

However, malicious actors can use this allowance to drain funds from an unsuspecting trader. To understand this risk vector, it helps to explain how ERC-20 allowance permissions work.

Upon first interacting with a new DeFi project, traders need to grant the decentralized application access to spend funds — usually Ether (ETH) or a stablecoin like Tether (USDT) — from their wallets.

This allowance is often unlimited to eliminate the need for future approval steps by the trader when executing subsequent transactions. Under normal operating conditions, the DeFi project will only spend the specified amount set by the trader.

However, abnormal operating conditions can emerge, as has been seen on numerous occasions in the DeFi space. Smart contract bugs like the one Bancor suffered in June 2020 can expose this vulnerability and drain funds from user wallets.

During the 2020 DeFi mania, rogue actors also exploited this vulnerability to steal funds from unsuspecting traders. One such example was UniCats, where the project developers themselves stole Uniswap (UNI) tokens from their users.

One useful practice traders can adopt is to review the existing allowances on their wallets. Platforms like revoke.cash and approved.zone can be used to identify the ERC-20 allowances associated with an address, and they offer options to revoke or lower such allowances.

Another method applies at the first interaction stage: instead of granting an unlimited allowance, traders can select a custom spend limit in their MetaMask wallets when approving a new token.
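The review described above can be sketched as a replay of ERC-20 `Approval` event logs; this is an added example, not code from the article or from the platforms it names. It assumes log records shaped like `eth_getLogs` results with `blockNumber` and `logIndex` already decoded to integers, and every address in it is a constructed placeholder.

```python
# topic0 = keccak256("Approval(address,address,uint256)")
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    # Indexed addresses are left-padded to 32 bytes; keep the last 20.
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, owner):
    """Replay in chain order; the last Approval per (token, spender) wins."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but 4 topics (indexed tokenId).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v}  # amount 0 is a revoke

def flag_risky(state, cap):
    findings = []
    for (token, spender), amount in sorted(state.items()):
        if amount == MAX_UINT256:
            findings.append((token, spender, "unlimited"))
        elif amount > cap:  # also catches huge values that are not the max
            findings.append((token, spender, "above-cap"))
    return findings

# Constructed sample data (placeholder addresses, not real contracts).
OWNER, TOKEN_A, TOKEN_B = ("0x" + c * 20 for c in ("aa", "11", "22"))
SPENDER_X, SPENDER_Y = ("0x" + c * 20 for c in ("bb", "cc"))

def _log(token, spender, amount, block, index, owner=OWNER):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [
    _log(TOKEN_B, SPENDER_X, 0, 150, 1),            # later revoke, listed first
    _log(TOKEN_A, SPENDER_X, MAX_UINT256, 100, 0),  # unlimited, still live
    _log(TOKEN_B, SPENDER_X, MAX_UINT256, 101, 2),  # unlimited, then revoked
    _log(TOKEN_B, SPENDER_Y, 500 * 10**6, 160, 0),  # custom limit
    _log(TOKEN_A, SPENDER_Y, 7, 170, 0, owner="0x" + "dd" * 20),  # other owner
]
```

Approval logs record the last approved amount, not what remains after the spender has used part of it, so confirm each finding against the token's `allowance(owner, spender)` before acting on it.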

With ERC-20 the de facto standard for the DeFi space, users will still have to contend with the unlimited allowance risk. However, traders can adopt these useful practices to minimize the dangers associated with this potential vulnerability.

